Intel Microcode Patches Now on the Microsoft Update Catalog

Microsoft announced this month it would be including Intel microcode (BIOS) updates meant to fix the graver version of the Spectre vulnerability as Windows Update packages made available via the Microsoft Update Catalog portal.

Microsoft greatly expanded the number of such packages, extending support from the initial Skylake 6th gen processor family to many more CPU series, information security training researchers said.

This means that many Windows users who utilize Intel CPUs but have not received BIOS updates from their motherboard manufacturer may now be able to install the Spectre variant 2 (CVE 2017-5715) patch just by downloading a Windows update package from Microsoft’s portal.

Information security professionals told; Microsoft did not initially plan to distribute microcode updates. These packages patch the Spectre vulnerability that Microsoft initially said it couldn’t fix at the software level, and deferred the patching operations to OEMs. The OS maker later changed its mind because some OEMs were missing in action, failing to integrate Intel’s microcode fixes.

Currently, Microsoft is embedding these Intel CPU microcode patches as updates to the operating system’s CPU driver, an unorthodox method of delivering microcode updates, which have previously been left to OEM vendors only, usually delivered as BIOS updates.

Microsoft’s custom updates are only meant for Windows 10 version 1709 and Windows Server, version 1709 (Datacenter, Standard) users, and not for Windows 7, 8, and 8.1 machines. Microsoft’s original Meltdown and Spectre patches must be already installed.

Users have to visit the Windows Update Catalog, search and download these update package manually, as they’re not included in the regular, self-installing Windows Update mechanism, information security training professionals said.

According to KB4090007, the Windows Update Catalog portal now includes Intel microcode patches for the following Intel processor models: